I have installed Tumbleweed and have been using it for the past few days. It really surprised me with how many features come as the default.

Installer

• Good desktop environment choices include XFCE, along with KDE and other options:

suse21010×734 69.1 KB

• Btrfs is used by default, with other options available like XFS and Ext4:

suse41011×735 22.1 KB

• Support LVM:

suse31013×733 14.8 KB

• UTC as an option for time zone:

suse51013×735 70.2 KB

• It’s odd that ‘host name’ should appears here, but it actually exists in the network configuration. However, it’s not a big deal:

suse61018×735 46.4 KB

• It has a feature-rich installer, where every blue button is clickable:

suse81018×735 76.8 KB

• You can even configure which packages will be installed:

suse91018×735 61.1 KB

• I’ve never seen this before in any installer: it gives you the option to install a kernel with CPU mitigations for the Spectre/Meltdown issues by disabling multithreading:

suse101014×733 24.9 KB

suse111014×737 25.5 KB

• Free and non-free software are separated, each with its own repository flag.

• And surprise, surprise—they offer a live boot option with an installer. It’s like a full replacement for Calamares, but with all the missing features in mind:

suse151021×731 210 KB

Post installation/Packages

• It includes a GUI configuration for AppArmor and Firewall (something that Debian lacks).
• Some packages nomenclature going to be different e.g thunderbird:

suse121015×729 190 KB

• The distro is all about rollback support, if packages break, you can simply roll back, thanks to the Btrfs feature. (something debian lacks)
• It uses Dracut by default.

Notes

• It has extensive documentation, with many sections covering security, hardening, and related topics.
• They use OpenQA for automated testing of package and patch health, making it more reliable for a rolling release. Security patches are also included (which Debian lacks—only the stable release gets attention from the security team).
• They seem to sign both the metadata and the data, whereas in debian, only the metadata is signed (I’ll need to double-check this).
• No clear idea how easy it is to upload newer packages (kicksecure/whonix) to their repository (need to double check).
• They use bugzilla as a ticket system, not as good as gitlab self host (or similar projects) nor as bad as the mailing list.
• They dont ship TorBrowser directly, instead only using Tor Browser Launcher (Though URL need to be changed from micahflee to TorProject).

Benefits

• Almost all the solutions we were seeking for Debian are already provided by openSUSE (live experience with installer, latest packages with stability and security, rollback/snapshots, MAC like AppArmor, GUI firewall…etc).
• Nonsense bugs like AC97 or breaking wifi due to using newer kernel…etc from outdated everything in debian.
• There’s no need to rely on Flatpak, with its poor security design, to get the latest versions of commonly used software.
• No need to add third-party repositories to get newer versions of software (like VirtualBox), which eliminates the need to trust third-party repository maintainers.
• No third-party installer like Calamares is needed, as the upstream installer replaces it, offering more features.
• No need to have Whonix & Kicksecure repos, everything can be pushed directly to the upstream and user have it as soon as it pass packaging process.
• I talked to the AppArmor implementer in openSUSE, cboltz. He’s adding apparmor.d to his roadmap to be included by default, likely in enforced mode, or if not, in complain mode. Additionally, it’s worth noting that they are also incorporating SELinux, especially for Tumbleweed.

Technical Issues

• It’s a systemd-based distro and doesn’t offer the flexibility to opt out of systemd, similar to Debian.
• I couldn’t find any mention of passing TUF in their wiki or forum (Ticket has been created).
• Dont have onion URLs for their repositories (which does offer an enhanced security for the users).
• It does as well suffer from metapackage removal issue similar to debian.
• Personal experience: The latest software wasn’t delivered in a timely manner—it was actually delayed by more than 6 days (for Firefox). Other delayed packages can be found here.
• The default repository uses HTTP, not HTTPS, but it does support switching to HTTPS (which mean their users are vulnerable to many bad stuff by default).
• Doesnt look like it has the same policy regarding Embedded Copies as Debian (Couldnt find it explained/enforced in their wiki or anywhere).
• Their Live-CD installer cant be installed without the presence of the internet connection (Though it should be a trivial task to solve).

Infrastructure Issues

• Rebranding issues: Is openSUSE at crossroads?. Additional [1] [2].
• Mass banning and loosing contributors: Don’t wave the LGBT flag? SUSE & openSUSE says you are “Rotten Flesh”. Additionally Bryan Lunduke (the same guy who wrote the article) which he was a board member [1] [2] in openSUSE talked more about it in a video here and here.

Missing Packages

• Onionbalance (Not found)
• nyx (Not packaged for tumbleweed)
• Onion Circuits (Not found)
• Metadata Cleaner (Not packaged officially)
• I2P Java (Not found), But there is i2pd (similar to debian).

Conclusion

It really depends on how seriously openSUSE developers are addressing important issues, such as not passing TUF criteria or adding onion support to their repositories…etc.

But overall, it’s the best distro I’ve come across in my comparisons.

Extra

They offer an immutable/atomic system called MicroOS, similar to Fedora Silverblue (something Debian lacks).

• Only support KDE (and Gnome?) in an experimental/alpha state:

suse141017×729 66.1 KB

Added first necessary questions to the forums and mailing list: